ci: add minimum GitHub token permissions for workflows

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
This commit is contained in:
Ashish Kurmi 2022-10-02 11:16:13 -07:00
parent f060309002
commit 87e7f3a61c
2 changed files with 9 additions and 0 deletions

View File

@ -5,6 +5,9 @@ on:
release:
types: [published]
permissions:
contents: read
jobs:
generate:
name: 'Update node-red-docker image'

View File

@ -6,8 +6,14 @@ on:
pull_request:
branches: [ master, dev ]
permissions:
contents: read
jobs:
build:
permissions:
checks: write # for coverallsapp/github-action to create new checks
contents: read # for actions/checkout to fetch code
runs-on: ubuntu-latest
strategy:
matrix: